Data Protection & Privacy Rights

We are committed to GDPR compliance and to giving you full transparency and control over your personal data. This page explains our practices, your rights, and how to exercise them.

Last Updated: January 27, 2025  •  Effective Date: January 27, 2025

🇪🇺 European Union Data Protection

This page provides detailed GDPR compliance information for users in the European Union and European Economic Area. Our practices apply globally — EU residents have additional rights under GDPR, which are fully explained below.

1. GDPR Overview

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on 25 May 2018 across the European Union. It strengthens data protection rights for individuals and establishes clear obligations for organisations that process personal data.

1.1 What is GDPR?

  • Protect Personal Data: Ensures individuals have control over their personal information
  • Harmonise Laws: Creates consistent data protection rules across all EU member states
  • Strengthen Rights: Gives individuals stronger, enforceable rights regarding their data
  • Increase Accountability: Requires organisations to demonstrate ongoing compliance
  • Impose Penalties: Establishes significant fines for non-compliance (up to 4% of global turnover)

1.2 Our GDPR Commitment

  • Privacy by Design: Privacy protection built into all our systems and processes from the start
  • Transparency: Clear, accessible information about all data processing activities
  • User Control: Practical tools giving you control over your data and consent choices
  • Data Minimisation: Collecting only data strictly necessary for our services
  • Security: Appropriate technical and organisational security measures throughout
  • Accountability: Documented policies, procedures, and evidence of compliance

1.3 Key GDPR Principles We Follow

  • Lawfulness, Fairness, and Transparency: Processing data lawfully with clear user information
  • Purpose Limitation: Using data only for the specific, explicit purposes stated
  • Data Minimisation: Collecting only adequate, relevant, and limited data
  • Accuracy: Keeping personal data accurate and up to date
  • Storage Limitation: Retaining data only as long as genuinely necessary
  • Integrity and Confidentiality: Ensuring appropriate security of personal data
  • Accountability: Actively demonstrating compliance with all GDPR principles

🛡️ GDPR Compliance Assurance

We take GDPR compliance seriously and have implemented comprehensive measures to ensure your personal data is protected to the highest European standards. Your privacy rights are fundamental to how we operate.

2. Data Controller Information

Under GDPR, we act as the data controller for personal data collected and processed through CalculatorForYou.online. This means we determine the purposes and means of processing your personal data.

Data Controller Details

Entity Name: CalculatorForYou.online

Website: https://calculatorforyou.online

Privacy Email: privacy@calculatorforyou.online

DPO Contact: info@calculatorforyou.online

Service Type: Free Online Calculator Platform

2.1 Controller Responsibilities

  • Determining Purposes: Deciding why we process your personal data
  • Choosing Means: Determining how we process your personal data
  • Ensuring Lawfulness: Maintaining a valid lawful basis for all processing activities
  • Protecting Rights: Ensuring your data subject rights can be exercised freely
  • Implementing Safeguards: Putting appropriate security and organisational measures in place
  • Demonstrating Compliance: Maintaining records and evidence of GDPR compliance

2.2 Data Processors We Use

  • Hosting Providers: Companies that host our website infrastructure and data
  • Google Analytics: Website analytics and performance monitoring
  • Google AdSense: Advertising delivery to support our free service
  • Security Services: Providers of fraud prevention and security services
  • Support Tools: Customer support and communication platforms

📝 Processor Agreements

All our data processors are bound by written Data Processing Agreements (DPAs) that impose GDPR-compliant obligations, security requirements, confidentiality terms, and audit rights. We do not engage processors that cannot demonstrate adequate data protection standards.

3. Lawful Basis for Processing

Under GDPR Article 6, we must have a valid lawful basis for each processing activity. We rely on the following bases depending on the type and purpose of processing.

3.1 Consent — Article 6(1)(a)

  • Non-Essential Cookies: Analytics, advertising, and functional cookies
  • Ad Personalisation: Personalised advertising via Google AdSense
  • Marketing Communications: Any newsletters or promotional emails (if applicable)

3.2 Legitimate Interests — Article 6(1)(f)

  • Website Operation: Providing and maintaining our free calculator services
  • Security: Protecting our website and users from fraud, abuse, and attacks
  • Service Improvement: Anonymised analytics to improve calculator accuracy and usability
  • Business Operations: Managing our operations and providing customer support

3.3 Contract Performance — Article 6(1)(b)

  • Service Delivery: Providing the specific calculator services you request
  • Customer Support: Responding to your support inquiries and resolving issues

3.4 Legal Obligation — Article 6(1)(c)

  • Regulatory Compliance: Meeting applicable legal and regulatory requirements
  • Law Enforcement: Responding to lawful requests from competent authorities
  • Record Keeping: Maintaining records required by law

3.5 Special Category Data

We do not intentionally collect or process special category data (health, racial or ethnic origin, political opinions, religious beliefs, genetic or biometric data, sexual orientation). If you voluntarily include such data in a support request or form submission, we process it solely to respond to your inquiry under explicit consent and delete it once no longer needed.

⚖️ Lawful Basis Review

We regularly review our lawful bases to ensure they remain appropriate and valid. If you have questions about the lawful basis for a specific processing activity, contact our DPO.

4. Your Data Subject Rights

Under GDPR, you have six core rights regarding your personal data. We are committed to facilitating all of them promptly and without unnecessary friction.

Right of Access

Obtain confirmation of whether we process your data, access a copy of it, and learn how we use it (Article 15).

Right to Rectification

Have inaccurate or incomplete personal data corrected or completed (Article 16).

Right to Erasure

Have your personal data deleted ("right to be forgotten") in certain circumstances (Article 17).

Right to Portability

Receive your data in a structured, machine-readable format and transfer it elsewhere (Article 20).

Right to Object

Object to processing based on legitimate interests or direct marketing at any time (Article 21).

Right to Restriction

Restrict how we process your data in certain circumstances, such as while accuracy is contested (Article 18).

4.1 When Each Right Applies

  • Erasure: When data is no longer necessary, consent is withdrawn, processing was unlawful, or you successfully object
  • Portability: Applies when processing is based on consent or contract and carried out by automated means
  • Restriction: When you contest accuracy, processing is unlawful but you prefer restriction over erasure, or you have objected pending verification
  • Object: You can always object to direct marketing — we must stop immediately. For legitimate-interest processing, we stop unless we can demonstrate compelling grounds

⌛ Response Timeframes

We will respond to all rights requests within one calendar month of receipt. For complex or multiple requests, we may extend by up to two further months and will notify you of the extension and the reasons within the initial one-month period. All responses are provided free of charge.

5. Data Processing Activities

We maintain records of all data processing activities as required by GDPR Article 30. The table below provides an overview of our primary processing activities.

| Processing Activity | Purpose | Lawful Basis | Data Categories | Retention |
|---|---|---|---|---|
| Website Analytics | Improve user experience and performance | Legitimate Interest | Anonymised usage data, device info | 26 months |
| Advertising | Display relevant ads (funds free service) | Consent | Browsing context, interests | 13 months |
| Security Monitoring | Protect against fraud and abuse | Legitimate Interest | IP addresses, access logs | 12 months |
| Customer Support | Respond to inquiries and requests | Contract Performance | Name, email, support content | 3 years |
| GDPR Rights Requests | Process and fulfil data subject requests | Legal Obligation | Identity and request details | 3 years |

5.1 Data We Collect

  • Technical Data: IP address, browser type, device type, operating system
  • Usage Data: Pages visited, calculators used, session duration (anonymised)
  • Contact Data: Name and email provided voluntarily via contact or rights request forms
  • Cookie Data: Cookie identifiers set by us or third-party services (see our Cookie Policy)

5.2 We Do Not Collect

  • Calculator inputs — computations run entirely in your browser and are never transmitted to our servers
  • Special category data (health, financial, biometric, etc.) from calculator usage
  • Personal data from users under 16 without verifiable parental consent

📋 Article 30 Records

We maintain comprehensive Article 30 records covering all processing activities, including purposes, data categories, recipients, retention periods, and security measures. These records are available to supervisory authorities on request.

7. International Data Transfers

Some of our service providers (primarily Google) are located outside the European Economic Area. We ensure all international transfers comply with GDPR Chapter V requirements.

7.1 Transfer Mechanisms We Use

  • Standard Contractual Clauses (SCCs): EU Commission-approved model clauses used with all non-EEA processors
  • Adequacy Decisions: Transfers to countries with a European Commission adequacy decision (e.g. UK, Canada)
  • Supplementary Measures: Technical measures (encryption, pseudonymisation) where required by transfer impact assessments

7.2 Key Transfer Destinations

  • United States: Google Analytics and Google AdSense — governed by Google's EU SCCs and Data Processing Terms
  • United Kingdom: Covered by EU adequacy decision for the UK
  • No Other Transfers: We do not transfer data to other third countries without adequate safeguards

7.3 Google Services Transfer Safeguards

⚠️ Transfer Monitoring

We continuously monitor the legal landscape for international transfers — including the Schrems II implications — and update our safeguards promptly when mechanisms change. If you have questions about a specific transfer, contact our DPO.

8. Data Security Measures

We implement appropriate technical and organisational measures under GDPR Article 32 to ensure a level of security appropriate to the risk.

8.1 Technical Safeguards

  • HTTPS / TLS Encryption: All data in transit is encrypted using TLS 1.2+ across the entire site
  • Secure Cookie Flags: Sensitive cookies use Secure and HttpOnly flags
  • Access Controls: Role-based access with least-privilege principles
  • Network Security: Firewalls, DDoS protection, and intrusion detection
  • Vulnerability Management: Regular security patching and dependency updates

8.2 Organisational Measures

  • Data Protection Policies: Documented policies for all data handling activities
  • Staff Awareness: Data protection training for all personnel with data access
  • Incident Response Plan: Documented procedures for detecting and responding to breaches
  • Vendor Due Diligence: Security assessment and DPA for all third-party processors
  • Privacy Impact Assessments: DPIAs conducted before introducing new processing activities

8.3 Privacy by Design and Default

  • Calculator Privacy: All calculations run client-side in your browser — inputs are never transmitted to our servers
  • No Accounts Required: You can use all 110+ calculators without creating an account or providing personal data
  • Data Minimisation Default: We collect the minimum data necessary, not the maximum possible
  • Automatic Deletion: Data is deleted automatically when retention periods expire

🛡️ Security Commitment

Our security measures are reviewed and updated regularly to address emerging threats. If you discover a security vulnerability, please report it responsibly to privacy@calculatorforyou.online.

9. Data Breach Procedures

We have established comprehensive procedures for detecting, assessing, and responding to personal data breaches in accordance with GDPR Articles 33 and 34.

9.1 Breach Detection and Assessment

  • Automated Monitoring: Continuous systems that detect anomalies and potential breaches
  • Staff Reporting: Clear internal process for staff to report suspected incidents immediately
  • Processor Notifications: Contractual obligation for all processors to notify us of incidents without undue delay
  • Risk Scoring: Systematic assessment of likelihood and severity of harm to individuals

9.2 Supervisory Authority Notification — 72 Hours

  • We notify the relevant supervisory authority within 72 hours of becoming aware of a breach that is likely to result in a risk to individuals' rights and freedoms
  • Notification includes: nature of the breach, categories and approximate number of individuals affected, likely consequences, and measures taken or proposed
  • Where notification is delayed beyond 72 hours, we provide reasons for the delay

9.3 Individual Notification

  • We notify affected individuals without undue delay when a breach is likely to result in a high risk to their rights and freedoms
  • Notifications use clear, plain language describing the nature of the breach, likely consequences, and recommended protective actions
  • We maintain a breach register documenting all incidents, investigations, notifications, and remediation actions

🚨 Report a Suspected Breach

If you suspect a data breach or security incident involving your personal data, contact us immediately at privacy@calculatorforyou.online with the subject line "Security Incident". We investigate all reports seriously and respond promptly.

10. Data Protection Officer

We have designated a Data Protection Officer (DPO) to oversee our GDPR compliance programme and serve as the primary contact point for all data protection matters.

10.1 DPO Responsibilities

  • Compliance Monitoring: Overseeing compliance with GDPR and applicable data protection laws
  • Training: Raising awareness and providing guidance to all staff handling personal data
  • DPIAs: Conducting and reviewing Data Protection Impact Assessments
  • Rights Requests: Overseeing responses to all data subject requests
  • Authority Liaison: Acting as the contact point for supervisory authorities
  • Policy Development: Developing, reviewing, and updating data protection policies

DPO Contact Information

Email: dpo@calculatorforyou.online

Subject Line: Please include "DPO – [Your Query]"

Response Time: Acknowledgement within 2 business days; full response within statutory timeframe

Language: English (other languages available on request)

10.2 When to Contact the DPO

  • Questions about how we process your personal data
  • Assistance exercising any of your GDPR data subject rights
  • Concerns or complaints about our data protection practices
  • Reporting a suspected data breach or security incident
  • Questions about consent, withdrawing consent, or your cookie choices

10.3 DPO Independence

Our DPO operates independently, with direct reporting to senior management, no conflicts of interest, and professional expertise in data protection law, and is protected from dismissal or penalty for performing their duties — in accordance with GDPR Article 38.

11. Exercising Your Rights

You can submit a rights request at any time using the form below or by emailing privacy@calculatorforyou.online. All requests are free of charge.

11.1 What to Include in Your Request

  • Clear Request: Which specific right you wish to exercise
  • Identity Information: Enough information to allow us to verify your identity
  • Specific Details: Any specific data, time period, or processing activity your request concerns
  • Contact Preference: Your preferred format and method of response

11.2 Identity Verification

To protect your data from unauthorised access, we may need to verify your identity before processing a request. We use proportionate verification measures — we will not request more information than necessary. All verification is handled securely.

11.3 Possible Outcomes

  • Full Compliance: We fulfil your request completely within the statutory timeframe
  • Partial Compliance: We fulfil part of your request and explain any limitations in writing
  • Reasoned Refusal: Where a legal exception applies, we explain the grounds in writing
  • Clarification Request: We may request clarification to process complex requests accurately

🤝 Our Commitment

We are committed to facilitating the exercise of your GDPR rights without obstacles or unnecessary delays. If we refuse a request, we will always explain why and inform you of your right to complain to a supervisory authority.

12. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe we have not handled your personal data in accordance with GDPR.

12.1 When to Contact a Supervisory Authority

  • You believe we have violated GDPR provisions in processing your data
  • You are not satisfied with our response to a rights request
  • You have concerns about data security or a suspected breach
  • You believe we lack a valid lawful basis for a processing activity

12.2 Which Authority to Contact

  • Your Member State Authority: The supervisory authority in the EU country where you reside or work
  • Where the Infringement Occurred: The authority in the country where the alleged GDPR violation took place

📍 Key EU Supervisory Authorities

Ireland (DPC): dataprotection.ie

Germany (BfDI): bfdi.bund.de

France (CNIL): cnil.fr

Netherlands (AP): autoriteitpersoonsgegevens.nl

UK (ICO): ico.org.uk (post-Brexit, separate from EU GDPR)

Full list: European Data Protection Board

12.3 Before Filing a Complaint

We encourage you to contact us first — most concerns can be resolved quickly. You can reach our DPO at dpo@calculatorforyou.online. However, your right to complain to a supervisory authority is unconditional and does not require you to contact us first.

⚖️ Your Complaint Rights

Your right to lodge a complaint with a supervisory authority is in addition to — not instead of — any other administrative or judicial remedy. You can pursue multiple avenues simultaneously for resolving data protection concerns.

CalculatorForYou.online is fully committed to GDPR compliance and the protection of your personal data. We have implemented comprehensive technical, organisational, and legal measures to ensure your data is processed lawfully, transparently, and securely. Your privacy rights are fundamental to how we operate, and we continuously work to uphold them.
